Microsoft: SSL/TLS attacks highly improbable, but may require patch

Microsoft has issued a security advisory about an exploit that can decrypt SSL …

Microsoft has issued a security advisory about an exploit that can decrypt SSL and TLS Web traffic. While actual attacks are considered improbable, a security patch to protect Microsoft software is likely on the way.

As noted by Ars last week, security researchers have developed a hacking tool called BEAST, or Browser Exploit Against SSL/TLS, which can decrypt “secure Web requests to sites using the Transport Layer Security 1.0 protocol and SSL 3.0.” In the Microsoft advisory released yesterday, Microsoft listed affected software as Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2008 R2 and Windows 7. A patch may be issued either in Microsoft’s usual round of monthly security updates, or in an out-of-cycle update “depending on customer needs.”

“While the affected component is a Windows component, the primary vector is to attack the browser’s use of the HTTPS protocol to intercept sensitive information, such as the session cookie of the HTTPS session,” Microsoft said.

The weakness was fixed in Chromium source code three months ago, but a demonstration of the attack “succeeded in cracking the SSL confidentiality model as implemented by the Mozilla Firefox browser when communicating with paypal.com web servers over https,” Kaspersky Lab security researcher Kurt Baumgartner writes. Kaspersky researcher Roel Schouwenberg believes a Microsoft patch is very likely, although the exact software to be patched is unclear because “the vulnerability exists on the protocol level, not on the application level. As such, a patch will transcend Internet Explorer, even if IE will be the most likely target.”

“While this is mostly a theoretical attack, we're talking about one of the foundations of trust on the Internet,” Schouwenberg also says.

You're probably safe

Despite the successful demo, attacks are unlikely, according to officials from the Microsoft Security Response Center. In a blog post titled “Is SSL Broken?” the answer provided is “yes and no,” because “there are significant mitigating factors that would make the attacks difficult or impossible.”

The mitigating factors are listed as follows:

The HTTPS session must be actively attacked by a man-in-the-middle; simply observing the encrypted traffic is not sufficient.

The malicious code the attacker uses to decrypt the HTTPS traffic must be injected and run within the user’s browser session.

The attacker’s malicious code needs to be treated as from the same origin as the HTTPS server in order for it to be allowed to piggyback on an existing HTTPS connection. Most likely it requires the attacker to exploit another vulnerability to bypass the browser’s same origin policy.

Kaspersky’s Baumgartner agrees that attacks are unlikely. When the security researchers who developed BEAST demonstrated it, “they couldn’t get it to work in pure javascript or flash, [so] they implemented the exploit in a Java applet and attacked the stream between Firefox and https://paypal.com,” he notes.

“The attack has been well known for almost 10 years, it's just that there hasn't been a practical exploit implementing the attack,” Baumgartner also writes. “To me, this exploit is a low risk one because of its impracticality.”

Workarounds

In the meantime, Microsoft offered a couple of workarounds. Web server administrators should “give a higher priority for the RC4 Cipher Suite than CBC (cipher-block chaining) since the attack only affects cipher suites that use CBC,” Microsoft notes. “We would also encourage users and Web administrators to enable the newer security protocols, such as TLS 1.1, on both the client side and the server side.”

TLS 1.1 often is not enabled by default because of compatibility problems. But Microsoft urged an industry-wide effort to increase adoption of TLS 1.1 or 1.2. TLS 1.1 is supported in Windows 7 and Windows Server 2008 R2.